Java Should Be Fun

Apropos the Apple Java scandal, Ted Landau wrote what most did: 'turn it off'. But he also added 'the real world risk is very very low' and 'play it safe and disable Java for now even though it probably won't matter whatever you do'.

But that's probably before it became known what Landon Fuller had done.

Koivo & Tinnes, Czerniak & Fuller

Credit for discovery of the pernicious bug goes to Sami Koivo; credit for definitive work on it goes to Google security researcher Julien Tinnes; so how did Landon Fuller get involved? Easy: Jeffrey Czerniak told him about it.

What's really funny is how he's denying he ever exposed the code.
And so now the 'real world risk' that was supposed to be 'very very low' is a bit higher again. So make sure you have Java turned off.

Never attribute to malice that which may have been done by Jeffrey Czerniak and Landon Fuller.

I have not posted source code or instructions on how to exploit the vulnerability. - Landon Fuller at Security Fix

Landon was nice enough to leave the .class files non obfuscated for those of you that missed it. - 'KF' at Daily Dave